-
This came up through an issue report on Vector about it not using the FIPS endpoints when I am able to see how to configure the SDK to use the FIPS endpoints for accessing various services ( Cargo.toml [package]
name = "aws-tmp"
version = "0.1.0"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
aws-config = "0.56.1"
aws-credential-types = "0.56.1"
aws-types = "0.56.1"
tokio = { version = "1.32.0", features = ["macros", "rt-multi-thread"] }
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
use aws_config::default_provider::credentials::DefaultCredentialsChain;
use aws_config::sts::AssumeRoleProvider;
use aws_credential_types::provider::ProvideCredentials;
use aws_types::region::Region;
#[tokio::main]
async fn main() -> Result<(), ()> {
tracing_subscriber::fmt::init();
let provider = AssumeRoleProvider::builder("arn:aws:iam::123456789012:role/demo")
.region(Region::from_static("us-east-2"))
.session_name("testAR")
.build(DefaultCredentialsChain::builder().build().await);
dbg!(&provider.provide_credentials().await);
Ok(())
} When running with:
I see it, reasonably, fail to fetch credentials, but, crucially, I see it hitting the normal STS endpoints rather than the FIPS ones. Output:
|
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
I think this is a bug. Filed an issue to track fixing it: #882 |
Beta Was this translation helpful? Give feedback.
-
@jszwedko @jdisanti I am assuming you reached that conclusion by just comparing Basically what i am saying is, URL's do not need to have the word |
Beta Was this translation helpful? Give feedback.
-
A fix was released as part of https://github.com/awslabs/aws-sdk-rust/releases/tag/release-2023-11-02 |
Beta Was this translation helpful? Give feedback.
A fix was released as part of https://github.com/awslabs/aws-sdk-rust/releases/tag/release-2023-11-02